The number of victim organizations hit by Cl0p via vulnerable MOVEit installations has surpassed 2,000, and the number of affected individuals is now over 60 million.
The victim organizations are overwhelmingly based in the US. “The most heavily impacted sectors are finance and professional services and education, which account for 13.8 percent and 51.1 percent of incidents respectively,” Emsisoft researchers have shared on Monday.
IT market research company KonBriefing Research shows similar numbers, and links to data breach notification alerts by many of the companies.
Among the latest victims is the Better Outcomes Registry & Network (BORN), an Ontario-based perinatal, newborn and child registry, which in late May published a breach notice about the cybersecurity incident linked to the MOVEit vulnerability, and notified the authorities, including the Ontario Provincial Police and the Information and Privacy Commissioner (IPC) of Ontario.
“An in-depth analysis revealed that the files copied during the breach contained personal health information of approximately 3.4 million people – mostly those seeking pregnancy care and newborns who were born in Ontario between January 2010 and May 2023,” the institution recently stated.